Some 15 companies, including Google, Facebook, Microsoft, Yahoo, PayPal plan to jointly work on a standard for blocking phishing e-mails by verifying that they come from legitimate companies. It seems obvious that trusted, legitimate companies could come together to do this, but it’s only started happening in the last 18 months.
DMARC.org – or the Domain-based Message Authentication, Reporting, and Conformance – is a new white-list system will be available for use across the Internet.
The other companies in the DMARC working group are AOL, Bank of America, Fidelity Investments, American Greetings, LinkedIn, and e-mail security providers Agari, Cloudmark, eCert, Return Path, and Trusted Domain Project.
The move follows an announcement in November that Google, Microsoft, Yahoo, AOL, and Agari were authenticating emails from Facebook, YouSendIt, and other e-commerce companies and social networks.
DMARC said the anti-phishing initiative has actually been going on for the last 18 months.
According to Google, about 15 percent of all e-mail comes from members of DMARC, but by published their DMARC records, these records can not be domain spoofed. This makes the anti-phising group much more effective at stopping criminal gangs from using phasing to dupe unsuspecting users.
DMARC.org plans to submit the DMARC specification to the Internet Engineering Task Force for standardisation.
So perhaps we’ll start to see the ending of phishing once and for all.